security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

gpg: Try to mitigate the problem of wrong CFB symkey passphrases.

Browse Source 
* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo.
--

GnuPG-bug-id: 3795
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-02-23 10:49:19 +01:00
parent 7853190cfe
commit cbc7bacf2f
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
g10/mainproc.c
View File

@ -315,6 +315,21 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
else else
{ {
gcry_cipher_decrypt (hd, seskey, slen, NULL, 0 ); gcry_cipher_decrypt (hd, seskey, slen, NULL, 0 );
/* Here we can only test whether the algo given in decrypted
* session key is a valid OpenPGP algo. With 11 defined
* symmetric algorithms we will miss 4.3% of wrong passphrases
* here. The actual checking is done later during bulk
* decryption; we can't bring this check forward easily. We
* need to use the GPG_ERR_CHECKSUM so that we won't run into
* the gnupg < 2.2 bug compatible case which would terminate the
* process on GPG_ERR_CIPHER_ALGO. Note that with AEAD (above)
* we will have a reliable test here. */
if (openpgp_cipher_test_algo (seskey[0]))
{
err = gpg_error (GPG_ERR_CHECKSUM);
goto leave;
}
/* Now we replace the dek components with the real session key to /* Now we replace the dek components with the real session key to
* decrypt the contents of the sequencing packet. */ * decrypt the contents of the sequencing packet. */
keylen = slen-1; keylen = slen-1;